|
|
|
|
|
|
by tracker1
2406 days ago
|
|
|
I often tend to just use relatively short lived tokens (12 hrs mostly), which avoids a lot of issues in practice. It depends on the use case. Depending on their DB systems and caching infrastructure, the JTI in as a key in a revocation database would work. It's not always worth implementing though. |
|
|